On Mon, Jun 19, 2017 at 5:41 PM, Jacob Champion <[email protected]> wrote: > On 06/19/2017 03:35 PM, William A Rowe Jr wrote: >> >> Not to announce@httpd? users@ and dev@ aren't particularly >> broadcast channels. >> >> [email protected] might be too wide an audience, but that's why >> we document the CVE's with short notes in the foundation-wide >> release announcement. At least, used to document them. > > > I was following Jim's lead on the first CVE announcement. I'm not opposed to > a [SECURITY] announcement for all five; just timid. :) > > Any opposed to me copying all five to announce@httpd?
None at all, I have moderation and will push it on. Just FYI you must always send-from your @apache.org identity when pushing mail to any announce@ list, because all other posts are pre-filtered before moderation.
